Device security utilizing continually changing qr codes

ABSTRACT

A method provides device access security via use of periodically changing Quick Response (QR) codes. The method includes: generating a first authentication QR code and assigning the generated QR code as the current authentication mechanism for accessing the device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established to define when access to the device can be provided to a second device that provides the correct authentication QR code along with the access request. The method includes, in response to a pre-defined trigger of the QR code validity parameter: generating a new authentication QR code, different from a previously generated authentication QR code; assigning the new authentication QR code as the current authentication mechanism for accessing the device; and enabling access to the first device to only second devices that provide the current authentication QR code as the authentication mechanism.

BACKGROUND

1. Technical Field

The present disclosure generally relates to providing security foraccessing personal electronic devices and in particular to use of quickresponse (QR) codes to provide security for accessing personalelectronic devices.

2. Description of the Related Art

Personal electronic devices such as smart phones, tablets, and othersare widely utilized to store data content that the user prefers not tobe generally accessible to the public. Occasionally, the user of thedevice wishes to share certain data content stored on the device with auser of a second device via a direct transfer of that data content.Several of these devices can include a pairing mechanism by which thefirst device is able to communicatively connect to a second device andexchange data content via a created pairing or communication channel.The pairing of these devices can involve an exchange of a pairingcredential that is pre-established for the first device and/or thesecond device to be able to share the data content between the devices.

The use of quick response (QR) codes has grown over the years as amechanism for providing direct access via a QR image to a website orother information that is embedded within the QR image. With mostpersonal devices now including a display and a QR code scanner, theexchange of QR codes from one device to another via direct QR imagecapture is possible.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure will best be understood by reference to the followingdetailed description of illustrative embodiments when read inconjunction with the accompanying drawings, wherein:

FIG. 1 provides a block diagram representation of an example userequipment configured with various functional components that enable oneor more of the described features of the disclosure, according to oneembodiment;

FIG. 2 illustrates an example authentication QR code generationenvironment with functional components thereof, according to one or moreembodiments;

FIG. 3 is a block diagram illustration of user interface prompts thatenable entry of authentication parameters on a first user equipment, inaccordance with one embodiment;

FIG. 4 is a block diagram illustration of the user interface of thefirst user equipment displaying an authentication QR code forcommunicating of the authentication QR code to a second device via imagecapture, in accordance with one embodiment;

FIG. 5 illustrates an example implementation scenario in which an imageof a generated authentication QR code is communicated to a seconddevice, in accordance with one embodiment;

FIG. 6 illustrates an example implementation scenario when a seconddevice is paired with a first device and authenticated using thegenerated and shared authentication QR code, in accordance with oneembodiment;

FIG. 7 is a flow chart illustrating aspects of a method by which aperiodically changing authentication QR code is periodically generatedand tracked for usage within a preset time limit, according to one ormore embodiments;

FIG. 8 is a flow chart illustrating aspects of a method by which theperiodically changing authentication QR code is utilized as anauthentication mechanism to enable secure access to a user equipment,according to one or more embodiments;

FIG. 9 is a flow chart illustrating aspects of a method by which aperiodically changing authentication QR code is utilized by one or moresecond devices to access a first device based on a pre-established usagepolicy, according to one or more embodiments; and

FIG. 10 is a flow chart illustrating aspects of a method by which theperiodically-changing authentication QR code is utilized to enableconcurrent access by multiple second devices, with a first access usinga previously-generated QR code and a second, subsequent access requiringnewly generated QR code, according to one or more embodiments.

DETAILED DESCRIPTION

The illustrative embodiments of the present disclosure provide a methodand device that provides access security via use of periodicallychanging Quick Response (QR) codes. According to one aspect, the methodincludes: generating a first authentication QR code and assigning thefirst authentication QR code as a current authentication mechanism foraccessing a first device. Contemporaneously with the generation of theQR code, at least one QR code validity parameter is established thatdefines when access to the first device can be provided to a seconddevice that provides the first authentication QR code along with anaccess request. The method also includes, in response to a pre-definedtrigger associated with the selected at least one QR code validityparameter: generating a new authentication QR code that is differentfrom a previously generated authentication QR code; assigning the newauthentication QR code as the current authentication mechanism foraccessing the first device; associating a corresponding new QR codevalidity parameter to the new authentication QR code; and initiating atracking of the corresponding new QR code validity parameter duringwhich the new authentication QR code remains valid.

According to one or more embodiments, the at least one QR code validityparameter comprises at least one of (1) a time window having an end timeand (2) a defined location within which an authentication QR coderemains valid, and outside of which the authentication QR code isinvalid. A new authentication QR code is automatically generated whenthe first device moves outside of the defined location and a new definedlocation is established for the new authentication QR code. Also, thepre-defined trigger is an associated one of the end time and movement ofthe first device outside of the defined location. The method alsoincludes enabling access to the first device by at least one seconddevice that communicates an access request to the first device, wherethe access request provides an authentication QR code that is thecurrent authentication parameter for accessing the first device, whilethe selected at least one QR code validity parameter associated with theauthentication QR code remains valid. In one implementation, enablingaccess includes enabling pairing of a second device with the firstdevice in response to the second device providing the firstauthentication QR code as the authentication parameter during pairing ofthe second device to the first device.

Additionally, in response to the selected at least one QR code validityparameter being the defined location, the method then includesperiodically triggering the generating of the new authentication QR codeat the end of a second time window associated with the first deviceremaining in a same defined location for longer than the second timewindow.

In the following detailed description of exemplary embodiments of thedisclosure, specific exemplary embodiments in which the various aspectsof the disclosure may be practiced are described in sufficient detail toenable those skilled in the art to practice the invention, and it is tobe understood that other embodiments may be utilized and that logical,architectural, programmatic, mechanical, electrical and other changesmay be made without departing from the spirit or scope of the presentdisclosure. The following detailed description is, therefore, not to betaken in a limiting sense, and the scope of the present disclosure isdefined by the appended claims and equivalents thereof.

Within the descriptions of the different views of the figures, similarelements are provided similar names and reference numerals as those ofthe previous figure(s). The specific numerals assigned to the elementsare provided solely to aid in the description and are not meant to implyany limitations (structural or functional or otherwise) on the describedembodiment. It will be appreciated that for simplicity and clarity ofillustration, elements illustrated in the figures have not necessarilybeen drawn to scale. For example, the dimensions of some of the elementsare exaggerated relative to other elements.

It is understood that the use of specific component, device and/orparameter names, such as those of the executing utility, logic, and/orfirmware described herein, are for example only and not meant to implyany limitations on the described embodiments. The embodiments may thusbe described with different nomenclature and/or terminology utilized todescribe the components, devices, parameters, methods and/or functionsherein, without limitation. References to any specific protocol orproprietary name in describing one or more elements, features orconcepts of the embodiments are provided solely as examples of oneimplementation, and such references do not limit the extension of theclaimed embodiments to embodiments in which different element, feature,protocol, or concept names are utilized. Thus, each term utilized hereinis to be given its broadest interpretation given the context in whichthat terms is utilized.

As further described below, implementation of the functional features ofthe disclosure described herein is provided within processing devicesand/or structures and can involve use of a combination of hardware,firmware, as well as several software-level constructs (e.g., programcode and/or program instructions and/or pseudo-code) that execute toprovide a specific utility for the device or a specific functionallogic. The presented figures illustrate both hardware components andsoftware and/or logic components.

Those of ordinary skill in the art will appreciate that the hardwarecomponents and basic configurations depicted in the figures may vary.The illustrative components are not intended to be exhaustive, butrather are representative to highlight essential components that areutilized to implement aspects of the described embodiments. For example,other devices/components may be used in addition to or in place of thehardware and/or firmware depicted. The depicted example is not meant toimply architectural or other limitations with respect to the presentlydescribed embodiments and/or the general invention.

The description of the illustrative embodiments can be read inconjunction with the accompanying figures. It will be appreciated thatfor simplicity and clarity of illustration, elements illustrated in thefigures have not necessarily been drawn to scale. For example, thedimensions of some of the elements are exaggerated relative to otherelements. Embodiments incorporating teachings of the present disclosureare shown and described with respect to the figures presented herein.

Turning now to FIG. 1, there is depicted a block diagram representationof an example user equipment (UE) within which several of the featuresof the disclosure can be implemented. According to the generalillustration, first UE (UE1) 100 is a processing device that is designedto communicate with other devices via one of a wireless communicationnetwork, generally represented by base station 140 and antenna 142, andone or more near field communication (NFC) devices 138. UE1 100 can beone of a host of different types of devices, including but not limitedto, a mobile cellular phone or smart-phone, a laptop, a net-book, anultra-book, and/or a tablet computing device. These various devices allprovide and/or include the necessary hardware and software to enablegeneration of an authentication QR image for use during pairing of UE1100 with a second UE. Additionally, UE1 100 includes the hardware andsoftware to support the various wireless or wired communicationfunctions.

Referring now to the specific component makeup and the associatedfunctionality of the presented components, UE1 100 comprises processorintegrated circuit (IC) 102, which connects via a plurality of businterconnects (illustrated by the bi-directional arrows) to a pluralityof functional components of UE1 100. Processor IC 102 can include one ormore programmable microprocessors, such as a data processor 104 and adigital signal processor (DSP) 106, which may both be integrated into asingle processing device, in some embodiments. The processor IC 102controls the communication, image capture, and other functions and/oroperations of UE1 100. These functions and/or operations thus include,but are not limited to, application data processing and signalprocessing.

Connected to processor IC 102 is memory 108, which can include volatilememory and/or non-volatile memory. One or more executable applicationscan be stored within memory for execution by data processor 104 onprocessor IC 102. For example, memory 108 is illustrated as containingSecure Access Authentication (SAA) utility 110, which can include a QRcode generation utility 112. The associated functionality and/or usageof each of the software modules will be described in greater detailwithin the descriptions which follow. In particular, the functionalityassociated with and/or provided by SAA utility 110 is described ingreater details with the description of FIG. 2 and several of the flowcharts and other figures. In one embodiment, and particularly where UE1100 is utilized as the device that is being used to capture an image ofa QR code from a second device, UE1 100 can also include QR reader 114and/or camera control/interface 116. Also, in one or more embodiments,SAA utility 110 can be configured to access an externally located QRcode generating facility 180. As illustrated, access to QR codegenerating facility 180 can be via wireless network 170, althoughalternate access modes can also be supported. QR code generatingfacility 180 can be a server that is accessible via the internetutilizing a specific universal resource locator (URL) programmed intoSAA utility 110, in one embodiment.

Also shown coupled to processor IC 102 is storage 150 which can be anytype of available storage device capable of storing one or moreapplication software and data. It is further appreciated that in one ormore alternate embodiments, the device storage can actually be remotestorage and not an integral part of the device itself. As provided,storage 150 contains current authentication mechanism(s) 152, whichincludes authentication QR code 155. The specific usage and/orfunctionality associated with these components are described in greaterdetail in the following descriptions.

UE1 100 also comprises one or more input/output devices, including oneor more input devices, such as camera 120, microphone 121, touch screenand/or touch pad 122, keypad 123, and/or one or more output devices,such as display 125, speaker 126, and others. UE1 100 can also include asubscriber information module (SIM) 127 which can provide uniqueidentification of the subscriber that owns or utilizes the UE1 100, aswell as specific contacts associated with the particular subscriber. Inorder to allow UE1 100 to provide time data, UE1 100 also includessystem clock 128.

According to one aspect of the disclosure and as illustrated by FIG. 1,UE1 100 supports at least one and potentially many forms of wireless,over-the-air communication, which allows UE1 100 to transmit and receivecommunication with at least one second device. As a device supportingwireless communication, UE1 100 can be one of, and be referred to as, asystem, device, subscriber unit, subscriber station, mobile station(MS), mobile, mobile device, remote station, remote terminal, userterminal, terminal, communication device, user agent, user device,cellular telephone, a satellite phone, a cordless telephone, a SessionInitiation Protocol (SIP) phone, a wireless local loop (WLL) station, apersonal digital assistant (PDA), a handheld device having wirelessconnection capability, a computing device, such as a laptop, tablet,smart phone, personal digital assistant, or other processing devicesconnected to a wireless modem. To support the wireless communication,UE1 100 includes one or more communication components, includingtransceiver 130 with connected antenna 132, wireless LAN module 134,Bluetooth® transceiver 137 and near field communication transceivermodule 138. As further illustrated, UE1 100 can also include componentsfor wired communication, such as modem 135 and Ethernet module 136.Collectively, these wireless and wired components provide acommunication means or mechanism 165 by which UE1 100 can communicatewith other devices and networks.

The wireless communication can be via a standard wireless network, whichincludes a network of base stations, illustrated by evolution Node B(eNodeB) 140 and associated base station antenna 142. A firstover-the-air signal 144 is illustrated interconnecting base stationantenna 142 with local antenna 132 of UE1 100. Additionally,communication with the at least one second device can be established vianear field communication transceiver module 138. In at least oneembodiment, UE1 100 can exchange communication with one or more seconddevices, of which UE2 146 and UE3 148 are illustrated. As described infurther detail below, each of UE2 146 and UE3 148 can be second deviceswith which UE1 100 can establish a communication channel following theexchange of specific authentication and/or access credentials. The pathof communication between UE1 100 and the second devices can be via nearfield communication, Bluetooth, or via wireless network 170, asindicated by the second over-the-air signal 172 between base stationantenna 142 and UE2 146.

Turning now to FIG. 2, a more detailed diagram of an exampleAuthentication QR Code Generation and Usage (QRGU) execution environment200 is illustrated. QRGU execution environment 200 includes acombination of hardware, firmware, software and data components, whichcollectively perform the various aspects of the disclosure by executionof SAA utility 110 and other functional components on data processor 104and/or embedded device controllers. As shown, QRGU execution environment200 includes SAA utility 110, which comprises QR code generation utility112, QR access authentication parameter validity tracking module 210,authentication QR code checking module 220, and user interface 230. QRcode generation utility 112 receives one or more current device accessauthentication parameter(s) 205 as input, and generates a correspondingauthentication QR code 155 representing the current authenticationparameter(s) 205. In one or more implementations, the current deviceaccess authentication parameter(s) 205 include one or more of apassword, a login-password combination, an alphanumeric pin, a swipeinput sequence, or other form of authentication parameter. The currentauthentication parameter(s) 205 can be randomly generated or manuallyinputted by a user of UE1 100 within user interface 230. Importantly,the current authentication parameter(s) 205 have a limited lifespan andare periodically changed and/or updated. This aspect of the currentauthentication parameter(s) 205 is reflected in the QR code 155, whichalso constantly and/or periodically changes based on one or moretriggers. The one or more triggers are monitored and enforced by QRaccess authentication parameter validity tracking module 210. As shown,QR access authentication parameter validity tracking module 210 caninclude a timer 215 as well as a location tracker 217, which in oneembodiment can be a global positioning system (GPS) location tracker.The functional use of these two components is described in detail in afollowing section of the disclosure. In one implementation, locationtracker 217 also has a second timer 219, which determines a time duringwhich a QR code remains valid within a specific device location before anew QR code is required to be generated.

In one or more embodiments, QR code generation utility 112 comprisesfirmware, which packages and transmits the current authenticationparameter(s) 205 to an external QR code generating facility 180 (FIG.1), such as a website on a remote server. The QR code generatingfacility 180 then generates the corresponding QR code 155, and returnsthe QR code 155 to UE1 100. In these implementations, the transmissionof the authentication parameters 205 and subsequent return transmissionof the corresponding QR code 155 can occur via wireless network 170 orother communication medium.

Authentication QR code checking module 220 performs a comparison of areceived QR code being provided as the authentication mechanism by asecond device requesting access to link to UE1 100 via a pairingchannel. Authentication QR code checking module 220 either checks thereceived QR code against the current authentication QR code 155 (e.g.,via QR image matching) or deciphers the received QR code and checks thedeciphered parameters against the current authentication parameter(s)205.

In one or more embodiments, Authentication QR Code Generation and Usage(QRGU) execution environment 200 can include a QR code usage profile 225as well as an associated usage register 227. In the illustrativeembodiment, the QR code usage profile 225 is maintained withinauthentication QR code checking module 220, while usage register 227 isshown within storage 150. Regardless of their location relative to theother components, the functionality provided by these components caninclude limitations on the use of the generated QR codes and functionalenhancements related to the implementation of the QR codes as theauthentication mechanism for UE1 100. More detail about these twocomponents is provided in the description of FIGS. 9 and 10.

QRGU execution environment 200 also comprises non-volatile storage 150,within which is maintained several types of data and information germaneto execution of the various different utilities. Specifically, storage150 includes current authentication mechanisms 152, which comprises bothcurrent authentication parameter(s) 205 and current authorization QRcode 155. Also maintained in storage 150 are periodic timer value 232and/or device location range parameter 234, both respectively utilizedby periodic timer 215 and (GPS) location tracker 225. Second timer value236 corresponding to second timer 227 can also be maintained withinstorage 150.

Also illustrated within storage 150 is data content 245, which can bedivided into separate sets of data content, each having differentrequirements for security and/or being assigned different secure accessparameters and/or being tagged for access by specific second devices. Asfurther shown, storage 150 includes contacts 250, which is a database orlist of known persons or second devices or subscribers with which UE1100 can communicate. Each contact is represented by a separate row incontacts 250 and includes a contact ID and/or device ID 252.Additionally, each contact can have an associated access permissionparameter, which is indicated as a device-specific QR code 254.Accordingly, one or more embodiments enable granular assignment of QRcodes to specific second devices 252 for access to specific data content245 on UE1 100.

QRGU execution environment 200 also includes pairing module 260, whichcontrols the pairing functions of UE1 100 to one or more second devices.Pairing module 260 includes pairing parameters 262, a pairing userinterface 264, and pairing device authentication module 266. Pairingdevice authentication module 266 checks the received authentication andpairing parameters received from a second device attempting to connectwith UE1 100 to ensure the second device has the correct authorizationto complete the pairing. In one embodiment, pairing deviceauthentication module 266 triggers authentication QR code checkingmodule 220 to perform the authentication checking when a QR code isprovided as the received authentication parameter. In an alternateembodiment, pairing device authentication module 266 can also performthe QR code checking features of authentication QR code checking module220.

The above described features of UE1 100 (FIG. 1) and QRGU executionenvironment 200 (FIG. 2) presents a first aspect of the disclosure,which provides an electronic device (UE1 100) comprising: a display 125;a communication mechanism 165; and a processor 104 that iscommunicatively coupled to the display 125 and the communicationmechanism 165. The electronic device (100) further includes a secureaccess authentication (SAA) utility 110 that executes on the processor104 and configures the device (100) to: generate a first authenticationQR code 155; assign the first authentication QR code as anauthentication mechanism for accessing a first device; and establish atleast one QR code validity parameter that defines when access to thefirst device can be provided to at least one second device that providesthe first authentication QR code along with an access request. The SAAutility 110 further configures the device (100) to, in response to apre-defined trigger associated with the selected at least one QR codevalidity parameter: generate a new authentication QR code that isdifferent from a previously generated authentication QR code 155; assignthe new authentication QR code 155 as the current authenticationmechanism for accessing the first device; associate a corresponding newQR code validity parameter to the new authentication QR code; andinitiate a tracking of the corresponding new QR code validity parameterduring which the new authentication QR code 155 remains valid.

In one or more embodiments, the at least one QR code validity parametercomprises at least one of (1) a time window having an end time and (2) adefined location within which a current authentication QR code remainsvalid, and outside of which the authentication QR code is invalid; and(3) a defined location within which a current authentication coderemains valid until the end of a second time window (as measured bysecond timer 227). According to validity parameter (3), theauthentication QR code becomes invalid when the first device remains inthe same defined location for longer than the second time window. Thus,the pre-defined trigger is an associated one of the end time, movementof the first device outside of the defined location, and the firstdevice remaining in the defined location for longer than a set period oftime. Additionally, the pre-defined trigger can include at least one of:completion of a pre-defined amount of data transfer from the firstdevice to a requesting device; completion of a transfer of a specificset of data from the first device to a requesting device; and movementof the requesting device out of a communication range from the firstdevice.

The SAA utility 110 further configures the device (100) to: enableaccess to the first device by at least one second device (e.g., UE2 146)that communicates an access request to the first device (100), where theaccess request provides an authentication QR code that is the currentauthentication parameter for accessing the first device (100), while theselected at least one QR code validity parameter associated with theauthentication QR code remains valid.

According to one embodiment, the SAA utility 110 further enables accessto the first device (100) by enabling a pairing of a second device withthe first device (100) in response to the second device providing theauthentication QR code that is the current authentication parameterduring pairing of the second device to the first device. In at least oneimplementation, the SAA utility configuring the device (100) to pairwith a second device includes configuring the device (100) to perform atleast one of: wireless communication between the first device and thesecond device; data transfer between the first device and the seconddevice; an exchange of information between the first device and thesecond device; accessing one or more of files and data on the firstdevice by the second device; and controlling of the first device viainputs provided on the second device.

In yet another embodiment, the SAA utility configuring the device togenerate the first authentication QR code and periodically generate anew authentication QR code comprises the SAA utility further configuringthe device to: periodically generate a new QR code validity parameterrequired to be entered before access is permitted to the first device;convert the new QR code validity parameter into a correspondingauthentication QR code; discard the previous authentication QR code; andprevent access to the first device when a received access requestincludes the previous authentication QR code.

Turning now to FIGS. 3-4, there are illustrated two different views ofUE1 100 and specifically features presented within different userinterfaces on display 125 of UE1 100. FIG. 3 presents user interfaceprompts that enable entry of authentication parameters on UE1 100, whileFIG. 4 presents an example user interface displaying a currentauthentication QR code for communicating to a second device via imagecapture, in accordance with one embodiment. Within FIG. 3, UE1 100 isshown with display 125 presenting SAA UI 230. SAA UI 230 comprises twoprompts and associated entry spaces. First prompt 310 is a request toenter a new authentication parameter. A user of UE1 100 can enteralphanumeric characters or values within first entry 315 as theauthentication parameters. In one or more alternate embodiments,authentication parameters can be randomly generated by SAA utility 110(FIG. 1). First entry 315 can then be utilized when specific userauthentication parameters are to be assigned to certain identifiedsecond devices. Second prompt 320 presents a request to identify aspecific second device ID, which the user wants associated with theauthentication parameters entered at first entry 315. In oneimplementation, the user can enter multiple second devices or no seconddevices. When no entry is provided within second entry 325, the enteredauthentication parameters becomes the global authentication parametersrequired by any and all second devices. SAA UI 230 also provides areturn soft button 330 and an end soft button 335 to allow the user toreturn the entries for processing by SAA utility or to exit the SAA UI230, respectively.

Within FIG. 4, SAA UI 230 presents the QR code image 410 thatcorresponds to the authentication parameters provided within first entry315 (FIG. 3). When the QR code is being displayed within SAA UI 230, UE1100 supports transfer of authentication QR code image 410 via imagecapture by a second device. FIG. 5 illustrates an example implementationscenario in which an image of a generated authentication QR code image410 is communicated to a second device, UE2 146, in accordance with oneembodiment. As shown, in order for direct image transfer, both devices100, 146 have to be placed face to face within a maximum distance fromeach other. These two requirements ensure that only a second device thatis known to the user of UE1 100 will likely be in a position to capturethe displayed QR code image 410 and later utilize the QR code image 410as the authentication parameter to access data content on UE1 100.

According to one embodiment, the SAA utility 110 configures the device(100) to communicate the authentication QR code to at least one seconddevice by displaying the generated authentication QR code on a displayof the first device to allow a camera of the at least one second devicethat is placed in proximity to the first device to capture an image ofthe QR code. In one or more embodiments, authorization to access thefirst device is limited to only second devices that are allowed to beplaced in a position adjacent the display, within a proximate distanceto the display at which an image of the authentication QR code can becaptured.

In one alternate embodiment, the SAA utility 110 configures the deviceto communicate the authentication QR code to at least one second deviceby transmitting the authentication QR code via a text message to asecond device. In yet another embodiment, the SAA utility configures thedevice to: communicate the authentication QR code to at least one seconddevice by transmitting the authentication QR code via one of anelectronic and a wireless communication medium to a second device.

FIG. 6 illustrates an example implementation scenario in which a seconddevice, UE2 146, is paired with UE1 100, where the second device isauthenticated using the generated and shared authentication QR code 410,in accordance with one embodiment. As shown, both devices are orientedin one of several alternate pairing configurations. UE1 100 includespairing UI 264 presented on display 125. Pairing UI 264 can presentcertain aspects of the pairing functions occurring on UE1 100 within astatus output area 610, including three different status reports,namely, pairing, device access authentication, and data transfer. UE2146 also includes second pairing UI 630, which presents three seconddevice status reports within second status output area 635, namelypairing, device access approved, and data transfer. Both pairing UIs 264and 630 include an end session soft button 620, 640, by which eachdevice can terminate an ongoing pairing session. The connecting linesbetween the devices indicate two communication paths during the pairingprocess. First connecting line 625 indicates a transfer of a copy of QRcode 155 from UE2 146 to UE1 100 as the authentication mechanism duringinitial pairing. Once authentication is completed, a communicationchannel, represented as bi-directional arrow 645, is opened between thetwo devices and on which data content 245 can be transmitted from UE1100 to UE2 146. Communication channel 645 actually enables two-waytransfer between paired devices, in one or more embodiments.

To facilitate the use of authentication QR code 155 as theauthentication mechanism for accessing data content on UE1 100, UE2 146first captures and stores a copy of authentication QR code 155 from UE1100. According to a least one embodiment, the SAA utility 110 furtherconfigures the device (100) to, in response to receiving a request foraccess to the first device from a second device: identify whether therequest for access includes a received QR code; compare the received QRcode with a currently assigned authentication QR code; and enable thesecond device to access the first device only in response to thereceived QR code matching the currently assigned authentication QR code.

With reference now to the flow charts, FIG. 7 is a flow chartillustrating aspects of a method 700 by which a periodically changingauthentication QR code is periodically generated and tracked for usagewithin a preset time limit, according to one or more embodiments. FIG. 8is a flow chart illustrating aspects of a method 800 by which theperiodically changing authentication QR code is utilized as anauthentication mechanism to enable secure access to an user equipment,according to one or more embodiments. FIG. 9 is a flow chartillustrating aspects of a method by which a periodically changingauthentication QR code is utilized by one or more second devices toaccess a first device based on a pre-established usage policy, accordingto one or more embodiments. Finally, FIG. 10 is a flow chartillustrating aspects of a method by which the periodically changingauthentication QR code enables overlapping access by one or more seconddevices to the first device while the QR code is changed for othersecond devices not currently accessing the first device, according toone or more embodiments.

With the descriptions that follow, certain aspects of the variousmethods can be implemented by processor 104 executing code from one ormore of SAA utility 110 and/or pairing module 260 and/or other softwareor firmware components of UE1 100. Generally, the methods 700, 800, 900,and/or 1000 can be described as being performed by one or more of UE1100, processor 104 or a specific utility, e.g., SAA utility 110, withoutlimitation.

FIG. 7 presents a method 700 for providing security via Quick Response(QR) codes. The method 700 begins at block 702 at which processor 104executes SAA utility 110 on UE1 100. Processor 104 then generates orreceives an entry (e.g., via SAA UI 230) of one or more authenticationparameter(s) 205 (block 704). With the received or generatedauthentication parameter(s) 205, processor 104 generates a correspondingauthentication QR code 155 (block 706), and assigns the authenticated QRcode 155 as the authentication mechanism for pairing with and/oraccessing UE1 100 from a second device (block 708). At block 710,processor 104 establishes a QR code validity parameter 210. The QR codevalidity parameter 210 defines when access to the first device can beprovided to at least one second device that provides the currentauthentication QR code along with an access request. As provided herein,QR code validity parameter 210 can be one or both of a time limit or adefined location within which the authentication QR code remains validand outside of which the authentication QR code becomes stale or invalidand is automatically replaced with a new QR code. In one or moreembodiments, the at least one QR code validity parameter comprises atleast one of (1) a time window having an end time; (2) a definedlocation within which an authentication QR code remains valid, andoutside of which the authentication QR code is invalid, wherein a newauthentication QR code is automatically generated when the first devicemoves outside of the defined location and a new defined location isestablished for the new authentication QR code; and (3) a definedlocation within which a current authentication code remains valid untilthe end of a second time window, where a new authentication QR code isgenerated when the second time window ends and a new defined locationand time window is established for the new authentication QR code.

Thus, at decision block 712, processor 104 determines whether apre-defined trigger associated with the QR code validity parameter 210is registered or detected. In one embodiment, this determination cangenerally be represented by a tracking value that indicates when thecurrent authentication QR code 155 is still valid. In one embodiment,the pre-defined trigger is an associated one of the end time, movementof the first device outside of the defined location; and no movementoutside of the defined location within a defined period of time. In oneor more embodiments, the pre-defined trigger may include at least oneof: passage of a preset amount of time following generation of apreviously generated authentication QR code; completion of a pre-definedamount of data transfer from the first device to a requesting device;completion of a transfer of a specific set of data from the first deviceto a requesting device; and movement of the requesting device out of acommunication range from the first device.

While the QR code validity parameter 210 indicates the currentauthentication QR code is still valid, method 700 includes processor 104continuing to utilize the authentication QR code as the currentauthentication mechanism for accessing UE1 100, unless one of a firstperiodic timer or a second location timer expires (block 716). In oneembodiment, a second periodic timer is utilized to automatically updatethe authentication QR code after passage of a certain amount of timeand/or after the device has not moved from a general location followinga pre-set amount of time. This embodiment can be utilized primarily whenthe QR code validity parameter 210 is a location based parameter and UE1100 is not moved out of an initial location in which the first assignedauthentication QR code would remain valid.

Returning to the flow chart, when the authentication QR code is nolonger valid, e.g., in response to occurrence or detection of apre-defined trigger associated with the selected QR code validityparameter 210, method 700 further includes processor 104 discarding thecurrent (or previous) authentication QR code and preventing any futureaccess to UE1 100 where the received access request includes and/orutilizes the discarded or stale QR code as the access mechanism (block714). Method 700 also includes processor 104 returning to block 704 and,after receiving or generating new authentication parameters, generatinga new authentication QR code that is different from a previouslygenerated authentication QR code. As with the previously generatedauthentication QR code, the generation of a new authentication QR codeincludes processor 104 also: assigning the new authentication QR code asthe current authentication mechanism for accessing the first device;associating a corresponding new QR code validity parameter 210 to thenew authentication QR code; and initiating a tracking of thecorresponding new QR code validity parameter 210 during which the newauthentication QR code remains valid (blocks 708-712).

Thus, according to the above described embodiments, generating the firstauthentication QR code and periodically generating a new authenticationQR code comprises the processor 104: periodically generating a new QRcode validity parameter required to be entered before access ispermitted to the first device; and converting the new QR code validityparameter into a corresponding authentication QR code.

Turning now to FIG. 8, method 800 begins at start block and proceeds toblock 802 at which processor 104 generates a new authorization QR code155 and associates the new authorization QR code with a correspondingnew QR code validity parameter 210. At block 804, UE1 100 communicatesthe authentication QR code to at least one second device by displayingthe generated authentication QR code on a display of UE1 100 to allow acamera or a QR reader of the at least one second device that is placedin proximity to the first device to capture an image of the QR code.With this embodiment, authorization to access the first device can thenbe limited to only second devices that are allowed to be placed in aposition adjacent the display, within a proximate distance to thedisplay at which an image of the authentication QR code can be captured.In one or more alternate embodiments, method 800 can involve UE1 100communicating the authentication QR code to at least one second deviceby transmitting the authentication QR code via a text message to asecond device. In yet other embodiments, method 800 can involve UE1 100communicating the authentication QR code to at least one second deviceby transmitting the authentication QR code via one of an electronic anda wireless communication medium to a second device.

At block 806, method 800 includes processor 104 mapping or linking thenew authentication QR code to one or more of (a) a general deviceaccess, (b) access to specific content on UE1 100, and/or access by oneor more selected, specific second devices. One or more of the differentaccesses can include a time limit for such access. Method 800 furtherincludes processor 104 enabling access to the UE1 100 by at least onesecond device that communicates an access request to the first device,where the access request provides an authentication QR code that is thecurrent authentication parameter for accessing the first device, whilethe selected at least one QR code validity parameter associated with theauthentication QR code remains valid (block 807).

Continuing with the illustrative embodiment, but not shown in FIG. 8,the enabling access comprises enabling pairing of a second device withUE1 100 in response to the second device providing the firstauthentication QR code as the authentication parameter during pairing ofthe second device to the first device. In one or more embodiments,pairing of the devices comprises at least one of: enabling wirelesscommunication between the first device and the second device; enablingat least one data transfer between the first device and the seconddevice; enabling an exchange of information between the first device andthe second device; enabling access to one or more of files and data onthe first device by the second device; and enabling control of the firstdevice via inputs provided on the second device.

The actual method processes involved in the above described accesses bya second device to UE1 100 are presented in blocks 808-818. At block808, method 800 includes processor 104 detecting a request from thesecond device to access UE1 100. In response to receiving the requestfor access to UE1 100 from a second device, method 800 includesprocessor 104 performing the following sequence of functions:identifying, as indicated by decision block 810, whether the request foraccess includes a received QR code; comparing the received QR code witha currently assigned authentication QR code (block 812); determining atblock 814 if the received QR code matches the current authentication QRcode, which is still valid; and enabling the second device to access thefirst device only in response to the received QR code matching thecurrently assigned authentication QR code (block 816). If at decisionblock 810, the request from the second device does not include a QRcode, the processor 104 denies access to UE1 100 (block 818). Similarly,if received QR code does not match the current, valid, authentication QRcode, the processor 104 denies access to UE1 100 (block 818). Method 800then ends.

FIG. 9 provides a flow chart of a method for providing secure access toa first device via Quick Response (QR) codes with one or more usageprofiles. Method 900 begins at block 902 at which processor 104 of UE1100 generates a new authentication QR code, with associated validityparameter(s). The authentication QR code is then assigned as a currentauthentication mechanism for accessing UE1 100. At block 904, method 900includes identifying and associating a usage profile 225 (FIG. 2) forthe authentication QR code. According to one or more embodiments, theusage profile 225 can include permitting secure access by a specifiednumber of second devices using the authentication QR code and/orpermitting secure access under pre-established access criteriasupporting the secure access. For example, in one embodiment, the usageprofile is set to enable any second device to access the first deviceonce the second device provides the valid authentication QR code duringthe access request. The usage profile can also be set to prevent anyaccess to the first device that does not include the validauthentication QR code. At block 906, method 900 includes processor 104setting the usage profile of the authentication QR to enable at leastone of (a) only a single second device to access the first device usingthe valid authentication QR code and (b) only a single access using thevalid authentication QR code by any one second device. Method 900 thenincludes enabling connection to the first device by an initial seconddevice that provides a valid authentication QR code during an accessrequest (block 908). At block 910, method includes UE1 100 detecting arequest for access to UE1 100 by another second device (separate fromthe already connected initial second device), wherein the other seconddevice also provides the valid authentication QR code as the accessmechanism. At decision block 912, method 900 involves a determination ofwhether the usage profile includes supporting multiple simultaneous orconcurrent second device accesses to UE1 100.

When decision block 912 yields an affirmative response, and the usageprofile allows for concurrent access by multiple second devices,multiple other second devices that provide the valid authentication QRcode are permitted to connect to and exchange data with UE1 100 (block914). However, access to UE1 100 is denied for all other second devicesthat do not provide the valid authentication QR code (block 916).

However, at decision block 912, in response to the usage profile beingset to a single access usage for the generated authentication QR code,method 900 includes determining at decision block 918 whether the QRcode has been previously utilized to access UE1 100. In response to theQR code having already been utilized to access UE1 100, method 900includes denying access to the first device by any other second devicethat utilizes the authentication QR code (as the access mechanism) orwhich does not provide a currently valid authentication QR code duringthe access request (block 920). However, when the QR code has not beenpreviously utilized and is a current valid QR code, method 900 includesenabling the access by the initial second device to the first device(block 922). Thus, with this embodiment, access to UE1 100 is permittedonly if the valid authentication QR code has not been previouslyutilized to provide access by another second device. Also, in responseto the valid authentication QR code having been previously utilized toprovide access by another second device, method 900 includes denyingaccess to any subsequent second device, including second devices thatprovide the previously valid authentication QR code (block 920).

Turning now to FIG. 10, there is illustrated another flow chart showingthe method 1000 by which an ongoing session is maintained between twoconnected devices. Method 1000 begins at block 1002 at which an initialsecond device connects to UE1 100 using the valid authorization QR code.At block 1004, the QR code is recorded within a QR code usage register227 as being a used QR code. In one embodiment, the usage register 227is a single register or bit associated with the QR code, and can be setto a logic high or low to indicate that the QR code has already beenused to access UE1 100. In one embodiment, the register 227 can includemultiple entries, one for each of a plurality of QR codes, with each QRcode being tracked such that a first usage is recorded in the register227 in an entry corresponding to that QR code. Alternate embodiments canallow for a fixed number of uses (greater than a single use) for one ormore QR codes, as defined by the usage policy 225 associated with the QRcode. A determination is made at block 1006 whether a trigger conditionassociated with the validity parameter has been encountered or detected.If the trigger condition is not encountered, then the devices continuethe session using the existing QR code (block 1007). However, inresponse to detection of the trigger condition, the current QR code ismade invalid, and the method 1000 includes generating a newauthentication QR code and assigning the new QR code as theauthentication mechanism (block 1008). As shown at block 1010, themethod 1000 also includes enabling the ongoing session established priorto the generating of the new authentication QR code to continue whilethe session remains connected. Notably, this ongoing session stillmaintains the previous authentication QR code, which has been madeinvalid by the trigger condition. However, as provided at block 1012,method 1000 further comprises requiring the new authentication QR codebefore enabling a next session with any other second device, even whilethe first session initiated with the previously valid QR code isongoing. At decision block 1014, a determination is made whether thedisconnection of the session with the initial second device is detected.In response to disconnection of the session, a subsequent access requestby the initial second device requires the new QR code before the initialsecond device will be able to initiate the next session. Thus, method1000 includes preventing the second device involved in the session fromreconnecting to the first device without the second device providing thenew authentication QR code with an access request to reconnect thesession (block 1016). However, as previously noted, the initial seconddevice is permitted to continue with the session using the previouslyvalid QR code so long as the session remains open and is not terminated.

In each of the flow charts presented herein, certain steps of themethods can be combined, performed simultaneously or in a differentorder, or perhaps omitted, without deviating from the spirit and scopeof the described innovation. While the method steps are described andillustrated in a particular sequence, use of a specific sequence ofsteps is not meant to imply any limitations on the innovation. Changesmay be made with regards to the sequence of steps without departing fromthe spirit or scope of the present innovation. Use of a particularsequence is therefore, not to be taken in a limiting sense, and thescope of the present innovation is defined only by the appended claims.

As will be appreciated by one skilled in the art, embodiments of thepresent innovation may be embodied as a system, device, and/or method.Accordingly, embodiments of the present innovation may take the form ofan entirely hardware embodiment or an embodiment combining software andhardware embodiments that may all generally be referred to herein as a“circuit,” “module” or “system.”

Aspects of the present innovation are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinnovation. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

While the innovation has been described with reference to exemplaryembodiments, it will be understood by those skilled in the art thatvarious changes may be made and equivalents may be substituted forelements thereof without departing from the scope of the innovation. Inaddition, many modifications may be made to adapt a particular system,device or component thereof to the teachings of the innovation withoutdeparting from the essential scope thereof. Therefore, it is intendedthat the innovation not be limited to the particular embodimentsdisclosed for carrying out this innovation, but that the innovation willinclude all embodiments falling within the scope of the appended claims.Moreover, the use of the terms first, second, etc. do not denote anyorder or importance, but rather the terms first, second, etc. are usedto distinguish one element from another.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the innovation.As used herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the present innovation has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited to the innovation in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the artwithout departing from the scope and spirit of the innovation. Theembodiment was chosen and described in order to best explain theprinciples of the innovation and the practical application, and toenable others of ordinary skill in the art to understand the innovationfor various embodiments with various modifications as are suited to theparticular use contemplated.

What is claimed is:
 1. A method for providing security via QuickResponse (QR) codes, the method comprising: generating a firstauthentication QR code; assigning the first authentication QR code as acurrent authentication mechanism for accessing a first device;establishing at least one QR code validity parameter that defines whenaccess to the first device can be provided to at least one second devicethat provides the first authentication QR code along with an accessrequest; and in response to a pre-defined trigger associated with theselected at least one QR code validity parameter: generating a newauthentication QR code that is different from a previously generatedauthentication QR code; assigning the new authentication QR code as thecurrent authentication mechanism for accessing the first device;associating a corresponding new QR code validity parameter to the newauthentication QR code; and initiating a tracking of the correspondingnew QR code validity parameter during which the new authentication QRcode remains valid.
 2. The method of claim 1, wherein: the at least oneQR code validity parameter comprises at least one of (1) a time windowhaving an end time and (2) a defined location within which anauthentication QR code remains valid, and outside of which theauthentication QR code is invalid, wherein a new authentication QR codeis automatically generated when the first device moves outside of thedefined location and a new defined location is established for the newauthentication QR code; the pre-defined trigger is an associated one ofthe end time and movement of the first device outside of the definedlocation; and the method further comprises: enabling access to the firstdevice by at least one second device that communicates an access requestto the first device, where the access request provides an authenticationQR code that is the current authentication parameter for accessing thefirst device, while the selected at least one QR code validity parameterassociated with the authentication QR code remains valid; and inresponse to the selected at least one QR code validity parameter beingthe defined location, periodically triggering the generating of the newauthentication QR code.
 3. The method of claim 2, wherein enablingaccess comprises enabling pairing of a second device with the firstdevice in response to the second device providing the firstauthentication QR code as the current authentication parameter duringpairing of the second device to the first device.
 4. The method of claim3, wherein pairing of the devices comprises at least one of: enablingwireless communication between the first device and the second device;enabling at least one data transfer between the first device and thesecond device; enabling an exchange of information between the firstdevice and the second device; enabling access to one or more of filesand data on the first device by the second device; and enabling controlof the first device via inputs provided on the second device.
 5. Themethod of claim 1, wherein generating the first authentication QR codeand periodically generating a new authentication QR code comprises:periodically generating a new device access authentication parameterrequired to be entered before access is permitted to the first device;converting the new device access authentication parameter into acorresponding authentication QR code; discarding the previousauthentication QR code; and preventing access to the first device when areceived access request includes the previous authentication QR code. 6.The method of claim 1, further comprising: in response to receiving arequest for access to the first device from a second device: identifyingwhether the request for access includes a received QR code; comparingthe received QR code with a currently assigned authentication QR code;and enabling the second device to access the first device only inresponse to the received QR code matching the currently assignedauthentication QR code.
 7. The method of claim 1, further comprising:communicating the authentication QR code to at least one second deviceby displaying the generated authentication QR code on a display of thefirst device to allow a camera of the at least one second device that isplaced in proximity to the first device to capture an image of the QRcode, wherein authorization to access the first device is limited toonly second devices that are allowed to be placed in a position adjacentthe display, within a proximate distance to the display at which animage of the authentication QR code can be captured.
 8. The method ofclaim 1, further comprising: communicating the authentication QR code toat least one second device by transmitting the authentication QR codevia a text message to a second device.
 9. The method of claim 1, furthercomprising: communicating the authentication QR code to at least onesecond device by transmitting the authentication QR code via one of anelectronic and a wireless communication medium to a second device. 10.The method of claim 1, wherein the pre-defined trigger includes at leastone of: passage of a preset amount of time following generation of apreviously generated authentication QR code; completion of a pre-definedamount of data transfer from the first device to a requesting device;completion of a transfer of a specific set of data from the first deviceto a requesting device; and movement of the requesting device out of acommunication range from the first device.
 11. An electronic devicecomprising: a display; a communication mechanism; a processor that iscommunicatively coupled to the display and the communication mechanism;and a secure access authentication (SAA) utility that executes on theprocessor and configures the device to: generate a first authenticationQR code; assign the first authentication QR code as an authenticationmechanism for accessing a first device; establish at least one QR codevalidity parameter that defines when access to the first device can beprovided to at least one second device that provides the firstauthentication QR code along with an access request; and in response toa pre-defined trigger associated with the at least one QR code validityparameter: generate a new authentication QR code that is different froma previously generated authentication QR code; assign the newauthentication QR code as the current authentication mechanism foraccessing the first device; associate a corresponding new QR codevalidity parameter to the new authentication QR code; and initiate atracking of the corresponding new QR code validity parameter duringwhich the new authentication QR code remains valid.
 12. The electronicdevice of claim 11, wherein: the at least one QR code validity parametercomprises at least one of (1) a time window having an end time and (2) adefined location within which an authentication QR code remains valid,and outside of which the authentication QR code is invalid, wherein anew authentication QR code is automatically generated when the firstdevice moves outside of the defined location and a new defined locationis established for the new authentication QR code; the pre-definedtrigger is an associated one of the end time and movement of the firstdevice outside of the defined location; and the SAA utility furtherconfigures the device to: enable access to the first device by at leastone second device that communicates an access request to the firstdevice, where the access request provides an authentication QR code thatis the current authentication parameter for accessing the first device,while the selected at least one QR code validity parameter associatedwith the authentication QR code remains valid; and in response to theselected at least one QR code validity parameter being the definedlocation, periodically trigger the generating of the new authenticationQR code when the first device is moved away from the defined location.13. The electronic device of claim 12, wherein the SAA utility furtherconfigures the device to enable access to the first device by enabling apairing of a second device with the first device in response to thesecond device providing the authentication QR code that is the currentauthentication parameter during pairing of the second device to thefirst device.
 14. The electronic device of claim 13, wherein the SAAutility configuring the device to pair the devices includes configuringthe device to perform at least one of: wireless communication betweenthe first device and the second device; data transfer between the firstdevice and the second device; an exchange of information between thefirst device and the second device; accessing one or more of files anddata on the first device by the second device; and controlling of thefirst device via inputs provided on the second device.
 15. Theelectronic device of claim 11, wherein the SAA utility configuring thedevice to generate the first authentication QR code and periodicallygenerate a new authentication QR code comprises the SAA utility furtherconfiguring the device to: periodically generate a new device accessauthentication parameter required to be entered before access ispermitted to the first device; convert the new device accessauthentication parameter into a corresponding authentication QR code;discard the previous authentication QR code; and preventing access tothe first device when a received access request includes the previousauthentication QR code.
 16. The electronic device of claim 11, whereinthe SAA utility further configures the device to: in response toreceiving a request for access to the first device from a second device:identify whether the request for access includes a received QR code;compare the received QR code with a currently assigned authentication QRcode; and enable the second device to access the first device only inresponse to the received QR code matching the currently assignedauthentication QR code.
 17. The electronic device of claim 11, whereinthe SAA utility further configures the device to: communicate theauthentication QR code to at least one second device by displaying thegenerated authentication QR code on a display of the first device toallow a camera of the at least one second device that is placed inproximity to the first device to capture an image of the QR code,wherein authorization to access the first device is limited to onlysecond devices that are allowed to be placed in a position adjacent thedisplay, within a proximate distance to the display at which an image ofthe authentication QR code can be captured.
 18. The electronic device ofclaim 11, wherein the SAA utility further configures the device tocommunicate the authentication QR code to at least one second device bytransmitting the authentication QR code via a text message to a seconddevice.
 19. The electronic device of claim 11, wherein the SAA utilityfurther configures the device to: communicate the authentication QR codeto at least one second device by transmitting the authentication QR codevia one of an electronic and a wireless communication medium to a seconddevice.
 20. The electronic device of claim 1, wherein the pre-definedtrigger includes at least one of: passage of a preset amount of timefollowing generation of a previously generated authentication QR code;completion of a pre-defined amount of data transfer from the firstdevice to a requesting device; completion of a transfer of a specificset of data from the first device to a requesting device; and movementof the requesting device out of a communication range from the firstdevice.
 21. A method for providing secure access to a first device viaQuick Response (QR) codes, the method comprising: generating a firstauthentication QR code; assigning the first authentication QR code as acurrent authentication mechanism for accessing the first device;identifying and associating a usage profile for the authentication QRcode to permit secure access by a specified number of second devicesusing the authentication QR code and under pre-established accesscriteria supporting the secure access; enabling connection to the firstdevice by an initial second device that provides a valid authenticationQR code during an access request; and denying access to the first deviceby any second device that does not provide the valid authentication QRcode during the access request.
 22. The method of claim 21, furthercomprising setting the usage profile of the authentication QR to enableany second device to access the first device once the second deviceprovides the valid authentication QR code during the access request andto prevent any access to the first device that does not include thevalid authentication QR code.
 23. The method of claim 21, furthercomprising setting the usage profile of the authentication QR to enableat least one of (a) only a single second device to access the firstdevice using the valid authentication QR code and (b) only a singleaccess using the valid authentication QR code by any one second device,wherein the method further comprises: in response to receiving theaccess request from the initial second device: confirming whether thevalid authentication QR code has been previously received from anothersecond device to provide access to the first device by the other seconddevice; and enabling the access by the initial second device to thefirst device only if the valid authentication QR code has not beenpreviously utilized to provide access by another second device; and inresponse to the valid authentication QR code having been previouslyutilized to provide access by another second device, denying access tothe initial second device and any subsequent second device, includingsecond devices that provide the authentication QR code.
 24. The methodof claim 21, further comprising: generating a new authentication QR codein response to a pre-established trigger; enabling an ongoing sessionestablished prior to the generating of the new authentication QR code tocontinue while the session remains connected; detecting a disconnectionof the session; and preventing the second device involved in the sessionfrom reconnecting to the first device without the second deviceproviding the new authentication QR code with an access request toreconnect the session.